Wireless LAN Management
w.lilakiatsakun

Topics
- Wireless LAN fundamental
- Wireless LAN solution
- Link characteristic
- Band and spectrum
- IEEE 802.11 architecture / channel allocation
- Ad hoc / infrastructure
- Load balancing / Extended Service Set (roaming)
- Wireless repeater / bridge
- Wireless LAN security

Wireless Link Characteristics
Differences from wired link:
- decreased signal strength: radio signal attenuates as it propagates through matter (path loss)
- interference from other sources: standardized wireless network frequencies (e.g., 2.4 GHz) are shared by other devices (e.g., phone); devices (motors) interfere as well
- multipath propagation: radio signal reflects off objects and the ground, arriving at the destination at slightly different times
Transmission over a wireless link induces loss and errors more often.

Wireless network characteristics
Hidden terminal problem:
- B, A hear each other
- B, C hear each other
- A, C cannot hear each other, which means A and C are unaware of their interference at B
Signal fading:
- B, A hear each other
- B, C hear each other
- A, C cannot hear each other interfering at B
[Figure: signal strength of A and C over space, with B between them]

Unlicensed Spectrum
- ISM stands for Industrial, Scientific and Medical
- Implementation of the ISM bands differs between countries

Band      FCC freq. (US)     ETSI freq. (EU)    Main use
ISM-900   902-908 MHz        890-906 MHz        Food process
ISM-2.4   2.4-2.4835 GHz     2.4-2.5 GHz        Microwave oven
ISM-5.8   5.725-5.850 GHz    5.725-5.875 GHz    Medical scanner

ISM Band
- Only the ISM-2.4 band is available in every country
  - Microwave oven
  - Medical equipment
  - Communication, e.g. wireless LAN, Bluetooth
- But it is too crowded
- Communication uses "spread spectrum" to avoid interference

IEEE 802.11 Wireless LAN
802.11b
- 2.4 GHz unlicensed radio spectrum
- Uses CCK (Complementary Code Keying) to improve data rate
- Backward compatible with DSSS systems
- Not compatible with FHSS systems
- Max. at 11 Mbps: theoretical max capacity (raw data rate)
- Max data rate is only 6 Mbps (only at short range and with no interference)

IEEE 802.11 Wireless LAN
802.11a
- 5 GHz range, OFDM
- up to 54 Mbps (31 Mbps real throughput)
802.11g
- 2.4 GHz range, CCK-OFDM
- backward compatible with IEEE 802.11b
- up to 54 Mbps (31 Mbps real throughput)
All use CSMA/CA for multiple access.

[Figure: Wireless LAN standards]

802.11 LAN architecture
- wireless host communicates with base station
  - base station = access point (AP)
- Basic Service Set (BSS) (aka “cell”) in infrastructure mode contains:
  - wireless hosts
  - access point (AP): base station
- ad hoc mode: hosts only
[Figure: BSS 1 and BSS 2, each with an AP, connected through a hub, switch or router to the Internet]

IEEE 802.11: multiple access
- avoid collisions: 2+ nodes transmitting at the same time
- 802.11: CSMA - sense before transmitting
  - don’t collide with ongoing transmission by another node
- 802.11: no collision detection!
  - difficult to receive (sense collisions) when transmitting due to weak received signals (fading)
  - can’t sense all collisions in any case: hidden terminal, fading
  - goal: avoid collisions: CSMA/C(ollision)A(voidance)

IEEE 802.11 MAC Protocol: CSMA/CA
802.11 sender
1. if sense channel idle for DIFS then transmit entire frame (no CD)
2. if sense channel busy then
   - start random backoff time
   - timer counts down while channel idle
   - transmit when timer expires
   - if no ACK, increase random backoff interval, repeat 2
802.11 receiver
- if frame received OK, return ACK after SIFS
[Figure: sender/receiver timeline showing DIFS, data, SIFS, ACK]

Avoiding collisions (more)
idea: allow sender to “reserve” channel rather than random access of data frames: avoid collisions of long data frames
- sender first transmits small request-to-send (RTS) packets to BS using CSMA
  - RTSs may still collide with each other (but they’re short)
- BS broadcasts clear-to-send (CTS) in response to RTS
- CTS heard by all nodes
  - sender transmits data frame
  - other stations defer transmissions
Avoid data frame collisions completely using small reservation packets!
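The CSMA/CA sender rules (count down a random backoff only while the channel is idle, enlarge the backoff window after a missing ACK) can be tried out in a small slotted simulation. This is an added example, not part of the original slides; the contention-window bounds, the slot model and the name `simulate_csma_ca` are assumptions made for illustration.

```python
import random

# Assumed contention-window bounds in slots (illustrative values).
CW_MIN, CW_MAX = 16, 1024

def simulate_csma_ca(n_stations, frames_each, seed=1):
    """Slotted model of 802.11 backoff. Returns (delivered, collisions, slots)."""
    rng = random.Random(seed)
    cw = [CW_MIN] * n_stations                        # current window per station
    backoff = [rng.randrange(CW_MIN) for _ in range(n_stations)]
    pending = [frames_each] * n_stations              # frames left to send
    delivered = collisions = slots = 0
    while any(pending):
        active = [i for i in range(n_stations) if pending[i]]
        ready = [i for i in active if backoff[i] == 0]
        slots += 1
        if not ready:
            # Channel idle: every waiting station counts its timer down.
            for i in active:
                backoff[i] -= 1
            continue
        # Channel busy: stations that are not transmitting freeze their timers.
        if len(ready) == 1:
            i = ready[0]                              # frame ACKed
            delivered += 1
            pending[i] -= 1
            cw[i] = CW_MIN
        else:
            collisions += 1                           # no ACK for any sender
            for i in ready:
                cw[i] = min(cw[i] * 2, CW_MAX)        # larger backoff interval
        for i in ready:
            backoff[i] = rng.randrange(cw[i])
    return delivered, collisions, slots

if __name__ == "__main__":
    for n in (1, 4, 16):
        print(n, simulate_csma_ca(n, 50))
```

Because there is no collision detection in this model either, a collision is only noticed through the missing ACK, which is why the cost of each collision is a whole frame slot.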
[Figure: Collision avoidance: RTS-CTS exchange between A, B and the AP over time, showing reservation collision, DATA (A) and defer]

Channel partitioning in wireless LAN
- With the DSSS modulation technique, the bandwidth used for one channel is 22 Mbps
- In the 2.4 GHz band, only 83 MHz of bandwidth is available
- So a spacing of 5 channels is needed for non-overlapping channels
  - Avoids interference between channels
  - Consider frequency reuse and capacity increase

[Figure: Channel allocation]

[Figure: Relationship between data rate and signal strength]

802.11: Channels, association
- 802.11b: 2.4 GHz-2.485 GHz spectrum divided into 11 channels at different frequencies
  - AP admin chooses frequency for AP
  - interference possible: channel can be the same as that chosen by a neighboring AP!
- host: must associate with an AP
  - scans channels, listening for beacon frames containing the AP’s name (SSID) and MAC address
  - selects AP to associate with
  - may perform authentication

Interferences in wireless LAN
- Microwave oven – 2450 MHz (1000 watts)
  - Around channels 7-10
- Bluetooth device (0.01 W)
- Cordless phone
- Toys, etc.
- Use Network Stumbler to show the signal/noise ratio on wireless LAN channels

[Figure: Network Stumbler]

Wireless Solution
- Ad hoc
- Infrastructure
- Load balancing
- Connect wireless LAN without access point
- Extended Service Set
- Extend range with wireless repeater
- Wireless bridge

Ad hoc
- Configuration – set as Ad hoc / Peer to peer
- Set BSSID and channel to use

[Figure: Infrastructure]

Load balancing
- 5 channel space
- Maximum of 3 access points assigned to an overlapped area
- Channels 1 / 6 / 11

Connect wireless LAN without access point
- Use a host to act as gateway

Extended Service Set
- Supports mobility

[Figure: Extend range with wireless repeater]

[Figure: Wireless bridge (point-to-point link)]

Wireless LAN security management (1/2)
Common attacks and vulnerabilities
- The weakness in WEP & key management & user behavior
- Sniffing, interception and eavesdropping
- Spoofing and unauthorized access
- Network hijacking and modification
- Denial of Service and flooding attacks

Wireless LAN security management (2/2)
Security countermeasures
- Revisiting policy
- Analyzing the threat
- Implementing WEP
- Filtering MAC
- Using closed systems and networks
- Securing users

The weakness in WEP & key management & user behavior
- Several papers were published showing vulnerabilities in WEP, along with tools to recover the encryption key
  - AirSnort (http://airsnort.shmoo.com)
  - WEPCrack http://sourceforge.net/projects/wepcrack/
- IEEE 802.11 outlines that the secret key used by WEP needs to be controlled by external key management
  - Normally, key management is done by the user (defining 4 different secret keys)
  - RADIUS (Remote Dial-In User Service) is not used by small businesses or home users

The weakness in WEP & key management & user behavior
- Users often operate the devices with the default configuration
  - SSID broadcast – turned on
  - Default password as a secret key
    - 3com product – comcomcom
    - Lucent product: the last five digits of the network ID

Sniffing, interception and eavesdropping
- Sniffing is the electronic form of eavesdropping on the communications that computers have across a network
- A wireless network is a broadcast (shared) link
- Every communication across the wireless network is viewable to anyone who is listening to the network
- The listener does not even need to be associated with the network

Sniffing tools
- All of these software packages put the network card in promiscuous mode; every packet that passes its interface is captured and displayed
  - Ethereal www.ethereal.com/
  - OmniPeek http://www.wildpackets.com/products/omnipeek
  - Tcpdump www.tcpdump.org/
  - Ngrep http://ngrep.sourceforge.net/

Spoofing and unauthorized access
- Spoofing: an attacker is able to trick your network equipment into thinking that the connection is from one of the allowed machines
- Several ways to accomplish this
  - Redefine the MAC address to a valid MAC address
    - a simple Registry edit on Windows
    - on Unix, with a simple command from a root shell
    - SMAC (software package on Windows)

Network hijacking and modification
- A malicious user is able to send messages to routing devices and APs stating that their MAC address is associated with a known IP address
- From then on, all traffic that goes through that router (switch) destined for the hijacked IP address will be handed off to the hijacker's machine
- ARP spoofing or ARP poisoning

Network hijacking and modification
- If the attacker spoofs as the default gateway
  - All machines trying to get to the network will connect to the attacker
  - To get passwords and necessary information
- Use of a rogue AP
  - To receive authentication requests and information

Denial of Service and flooding attacks
- One of the original DoS attacks is known as a ping flood
  - A large number of hosts or devices send an ICMP echo to a specified target
- One possible attack would be through a massive amount of invalid or valid authentication requests
  - Users attempting to authenticate themselves would have difficulties in acquiring a valid session
- If a hacker can spoof as the default gateway, they can prevent any machine on the wireless network from accessing the wired network

Revisiting policy
- Adjust the corporate security policy to accommodate wireless networks and the users who depend on them, because of the wireless environment:
  - No visible connection – good authentication required
  - Ease of capture of RF traffic – a good policy should not broadcast the SSID and should implement WEP
  - Do not use the default name or password when operating AP devices

Analyzing the threat (1/2)
- Identify assets and the method of accessing these from an authorized perspective
- Identify the likelihood that someone other than an authorized user can access the assets
- Identify potential damages
  - Defacement
  - Modification
  - Theft
  - Destruction of data

Analyzing the threat (2/2)
- Identify the cost to replace, fix, or track the loss
- Identify security countermeasures
- Identify the cost of implementing the countermeasures
  - Hardware / software / personnel
  - Procedures / limitations on access across the corporate structure
- Compare the cost of securing the resources versus the cost of damage

Implementing WEP
- To protect data from sniffing during a session
- 128-bit encryption should be considered a minimum
  - Most APs support both 40-bit and 128-bit encryption
- WEP advantages
  - All messages are encrypted, so privacy is maintained
  - Easy to implement
  - WEP keys are user definable and unlimited

Implementing WEP
- WEP disadvantages
  - The RC4 encryption algorithm is a known stream cipher that can be broken
  - Once the key is changed, everyone needs to be informed of it
  - WEP does not provide adequate WLAN security
    - It only eliminates the curious hacker who lacks the means or desire to really hack your network
  - WEP has to be implemented on every client as well as every AP to be effective

Filtering MAC
- To minimize the number of attacks
  - It can be performed at the switch attached to the AP or on the AP itself
- MAC filtering advantages
  - More practical on small networks
  - Predefined users are accepted; filtered MACs do not get access
- MAC filtering disadvantages
  - Administrative overhead with a large number of users
  - MAC addresses can be reprogrammed

Using closed systems and networks
- Turn off SSID broadcasting, use a proper password (WEP)
  - Select “close wireless system”
- Advantages
  - AP does not accept unrecognized network requests
  - Prevents snooping software such as NetStumbler
  - Easy to implement
- Disadvantages
  - Administration required for new users and changes

Securing users
- Educate the users about the threats and where they are at risk
- Provide policies that enable them to successfully secure themselves
  - How is a proper password set?
    - Change password at regular intervals
    - Minimum password length
- Create policies that secure users behind the scenes
  - Filtering traffic

Securing users
- Some of the rule sets that should be in place with respect to wireless 802.11
  - No rogue access points
  - Inventory all wireless cards and their corresponding MAC addresses
  - No antennas without administrative consent
  - Strong passwords on wireless network devices

Other methods
- VPN
- WEP + RADIUS
- WPA (Wi-Fi Protected Access) – IEEE 802.11i
- WPA + RADIUS
- 802.1x + RADIUS
  - EAP-MD5, LEAP (Cisco), EAP-TLS, EAP-TTLS
- MAC filtering + WEP + RADIUS
  - Mahanakorn solution

Web recommendation
http://www.thaicert.nectec.or.th/paper/wireless/IEEE80211_4.php
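The ARP poisoning of the default gateway described under "Network hijacking and modification" shows up on the defender's side as an IP-to-MAC binding that changes, or as one MAC address answering for several IP addresses. The following is an added example, not part of the original slides; the tcpdump-style log lines, all addresses and the name `find_arp_anomalies` are constructed for illustration.

```python
import re
from collections import defaultdict

ARP_REPLY = re.compile(
    r"ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>[0-9a-f:]{17})", re.I)

# Constructed sample in the style of `tcpdump -n arp`; addresses are made up.
SAMPLE = """\
12:00:01.10 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:01, length 28
12:00:02.40 ARP, Reply 192.168.1.23 is-at 00:11:22:cc:dd:17, length 28
12:00:09.75 ARP, Reply 192.168.1.1 is-at 00:11:22:cc:dd:17, length 28
12:00:09.95 ARP, Reply 192.168.1.1 is-at 00:11:22:cc:dd:17, length 28
12:00:12.00 ARP, Reply 192.168.1.40 is-at 00:11:22:ee:ff:40, length 28
"""

def find_arp_anomalies(lines, pinned=None):
    """Return (changed_bindings, macs_claiming_several_ips).

    pinned maps IP -> known-good MAC (for example the gateway, taken from
    the inventory); other IPs are compared with the first MAC seen for them.
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    first_seen = {}                 # ip -> first MAC observed
    ips_by_mac = defaultdict(set)   # mac -> IPs it has answered for
    changed = []
    for line in lines:
        m = ARP_REPLY.search(line)
        if not m:
            continue
        ip, mac = m["ip"], m["mac"].lower()
        expected = pinned.get(ip, first_seen.setdefault(ip, mac))
        if mac != expected and (ip, expected, mac) not in changed:
            changed.append((ip, expected, mac))
        ips_by_mac[mac].add(ip)
    multi = {mac: sorted(ips) for mac, ips in ips_by_mac.items() if len(ips) > 1}
    return changed, multi

if __name__ == "__main__":
    changed, multi = find_arp_anomalies(SAMPLE.splitlines())
    for ip, good, bad in changed:
        print(f"binding for {ip} changed: {good} -> {bad}")
    for mac, ips in multi.items():
        print(f"{mac} answers for {', '.join(ips)}")
```

Pinning the gateway's MAC matters because a first-seen baseline trusts whichever reply happens to arrive first.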
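The channel plan from the load-balancing slide (channels 1 / 6 / 11, five channels apart) and the rule set "no rogue access point, inventory all MAC addresses" can be checked together against a site survey. This is an added example, not part of the original slides; the inventory, SSIDs, BSSIDs and the name `audit_survey` are hypothetical.

```python
from itertools import combinations

# Hypothetical inventory of authorized APs: BSSID -> (SSID, assigned channel).
INVENTORY = {
    "00:11:22:00:00:01": ("corp-wlan", 1),
    "00:11:22:00:00:02": ("corp-wlan", 6),
    "00:11:22:00:00:03": ("corp-wlan", 11),
}

# Constructed survey result: one (SSID, BSSID, channel) per beacon heard.
SURVEY = [
    ("corp-wlan", "00:11:22:00:00:01", 1),
    ("corp-wlan", "00:11:22:00:00:02", 4),    # moved off its assigned channel
    ("corp-wlan", "00:11:22:00:00:03", 11),
    ("corp-wlan", "00:aa:bb:cc:dd:ee", 11),   # corporate SSID, unknown BSSID
    ("cafe-guest", "00:de:ad:be:ef:01", 9),   # neighbouring network
]

MIN_SPACING = 5  # channel numbers apart needed for non-overlapping channels

def audit_survey(survey, inventory):
    """Return (rogue_aps, channel_drift, overlapping_pairs)."""
    corporate_ssids = {ssid for ssid, _ in inventory.values()}
    rogue, drift = [], []
    for ssid, bssid, channel in survey:
        known = inventory.get(bssid.lower())
        if known is None:
            # Unknown radio announcing one of our SSIDs: not in the inventory.
            if ssid in corporate_ssids:
                rogue.append((ssid, bssid, channel))
        elif known[1] != channel:
            drift.append((bssid, known[1], channel))
    # Any two radios closer than five channels share part of the spectrum.
    overlaps = [(b1, c1, b2, c2)
                for (_, b1, c1), (_, b2, c2) in combinations(survey, 2)
                if abs(c1 - c2) < MIN_SPACING]
    return rogue, drift, overlaps

if __name__ == "__main__":
    rogue, drift, overlaps = audit_survey(SURVEY, INVENTORY)
    print("rogue:", rogue)
    print("drift:", drift)
    print("overlapping pairs:", overlaps)
```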